Keynote by Dr Jon Penney (York University) on human centric security in an era of weaponized tech.

At @uwaterloo.ca Cybersecurity and Privacy Institute Grad conference today. Messaging out some of the talks.

Samsung makes ads on $3,499 smart fridges official with upcoming software update Update introduces two ways for the fridges to show ads.

Update and get ads on your smart fridge. Opt-out of update possible, but will then block other feature improvements and likely security patches. Interested to see how many opt-out.
arstechnica.com/gadgets/2025...

Training LLMs that are both safe and accurate presents challenges such as carbon footprint, fine tuning, accuracy on main tasks, and not having easy work arounds to avoid safeguards.

Sirisha Rambhatla presenting at the @uwaterloo.ca cybersecurity and privacy institute industry day. Building efficient and safe LLMs.

Windows 11's October update just broke the Windows Recovery Environment — USB keyboards and mice unusable in Windows RE after latest bug hits Another week, another OS-breaking bug.

Incidents like this make patch management challenging. Windows patch broke mouse and keyboard support in *recovery mode*. Normal operation still fine, but if anything breaks.... recovery is now gone. How many admins even test for this?
www.tomshardware.com/software/win...

Canada’s big banks, telecoms and tech firms are joining forces to fight scams - The Logic From Bell to Google, major firms in Canada are following Australia’s model of sharing information to fight fraudsters

Canadian Anti-Scam Coalition set to launch this afternoon, its an alliance between credit card companies, banks, telecoms, Canadian government, and tech companies. The aim is to share information and reduce fraud.
thelogic.co/news/big-ban...

@lujobauer.bsky.social starting off USENIX security to a large packed room.

Closing #soups2025 remarks by our incredible general chair Patrick Gage Kelly.

This work reminds me greatly of the book: Taming Information Technology which was written in response to the proposal to automate system administrator tasks.

ICS are also under lots of regulation.

Clement Fung presenting about industrial control systems (ICS). They interviewed people who protect ICS. Current alarm systems have a great variety in how they are designed and even who is in charge of managing them.
#soups2025
www.usenix.org/conference/s...

Increase self-efficacy. <- mirrors my own experiences that are hard to tell if it is even working.

If security and privacy was a character, what traits would they have?

Nina Gerber @ninag72.bsky.social presenting on social and emotional dimensions of security. How can security and privacy be made more enjoyable? Used sentence completion tasks. People found important but not interesting.
#soups2025
www.usenix.org/conference/s...

Qiurong Song presenting on predatory monetization in video games such as Roblox. Loot boxes being a example. Developers are adding predatory design on purpose. Use of possess and in-have currency make it harder to stay aware of how much is spent. #soups2025
www.usenix.org/conference/s...

Teens and privacy in terms of barrier management. Navigate self disclosure. Issues like ambiguous norms. Also the ability to trust an audience.
#soups2025
www.usenix.org/conference/s...

Lots of great discussions around yours of errors in papers. Sadly statistics errors are common.

Jenny Tang presenting about doing and reporting statistics in research papers. #soup2025
There are many ways to do statistics incorrectly and even if the test is correct the necessary numbers to interpret them may not be provided.
@lujobauer.bsky.social
www.usenix.org/conference/s...

Annalina Buckmann (soon on job market) presenting on sociodemographic factors and barriers to security and privacy adoption. Mapped findings to SPAF factors.
#soups2025
www.usenix.org/conference/s...

Anna-Marie Ortloff presenting a replication of the "No one can hack my mind" paper. #soups2025
Experts have even more focus on authentication. End users also using 2FA increasing anf anti virus usage going down.
www.usenix.org/conference/s...

Laura Marie Abels presenting on Social Desirability and developing a scale to measure it. #soups2025
www.usenix.org/conference/s...

Lily Klucinec presenting about mobile money in Kenya which is a financial system tied to SIM cards. To withdraw money personal information currently have to be shared with a mobile money in-person agent. #soups2025 @lorriecranor.bsky.social
www.usenix.org/conference/s...

Security keys had a range of usability challenges linked to their physical nature, such as having to carry them and find a comparable USB slot for them.

Time based one time passwords, such as those generated by Google Authenticator app. Part of the FIDO Alliance. The paper compares physical secury keys to TOTPs+passwords.
#soups2025
www.usenix.org/conference/s...

Primary password typing meant that participants saw no improvement in time use. Why type a password just so the software could enter a password. Easier to just enter the password directly.

Peter Mayer presenting about forest time users of password managers #soups2025
Before the study on average had 36 passwords, some of which were reused. There was use of the manager such as adding new passwords.
www.usenix.org/conference/s...

Thank you for the resource, I am always looking at ways to fit ethics into my cyber security course.

Knowledge based questions also no longer recommended, but still common.

Analysis of NIST authentication advice in standards documents. #soups2025
Multi factor advice is followed by many universities. Password regular password changes (no longer recommended) still common.
www.usenix.org/conference/s...